The Age of Modern Mac Malware

Apple fans might remember 2010 mostly for the launch of the iPad, rather than for the Boonana Trojan that hit Macs the same year. Boonana was one of the first pieces of Mac malware to exploit the growing popularity of social networks such as Facebook, spreading through links posted from one compromised account's wall to the next.

Although most computer users are now familiar with such threats and more careful about what they download, back in 2010, before the Mac App Store existed, attackers used screensavers and assorted free applications to distribute spyware that harvested information from infected systems.

In 2011, attackers took advantage of Mac users' unfamiliarity with such threats and released MACDefender, a fake antivirus that was extremely well crafted and presented. More damaging, though, was BlackHole RAT, a remote access Trojan that gave its operators remote control of every infected device.

Shortly after, in 2012, a Java vulnerability led to the infection of some 600,000 Macs with the Flashback malware, which its operators used to steal data and download additional malware onto compromised machines. This was one of the largest malware epidemics of its time, even by Windows standards.

Lamadai, first reported in 2012 after attacks on Tibetan NGOs, was a Mac backdoor delivered by luring targets to malicious websites that exploited a Java vulnerability to drop the payload. 2013 saw the emergence of HackBack, used mainly to steal information from infected Macs and send it to a remote server.

2014 was when Mac malware started to get interesting: the sophisticated iWorm backdoor was found on more than 17,000 computers. To stay under the radar, its operators posted command-and-control server addresses in a subreddit on the popular Reddit website, so infected machines could look up where to connect and be herded by the botmasters.

Around the same time, Chinese attackers built WireLurker, which spread through applications downloaded from unofficial app stores and mostly targeted Chinese Mac and iPhone users. Other notable Trojans from that period are CoinThief, designed to steal Bitcoin from infected computers, and LaoShu, which opened a backdoor to harvest information.

The threat landscape shifted again in 2015, when Mac malware peaked at almost 2,000 unique samples written specifically for Apple systems: five times more than had been detected in the previous five years combined. 2015 also produced some notable proof-of-concept attacks against Macs: Thunderstrike, Dark Jedi, and Mabouia, the first ransomware designed for the Mac.

In 2016, however, ransomware finally made it into the wild. KeRanger, believed to be a variant of the Linux.Encoder ransomware, was designed specifically for Macs and affected some 7,000 users. It spread through a trojanized installer of Transmission, a BitTorrent client. Also in 2016, Backdoor.MAC.Eleanor, discovered by Bitdefender researchers, exposed macOS users to data theft and full remote control of the device.

In 2017, malware reached new levels of sophistication in its ability to circumvent operating system defenses and fool even the savviest of users. As Apple devices have become an attractive target, cyber-criminal gangs the world over have released highly advanced malware families such as Dok, which poses as a Word document, and FruitFly, a piece of surveillance malware. And let's not forget Proton RAT, which spread after attackers compromised a download server hosting the HandBrake media conversion application. The attack was so well executed and disguised that it fooled even experienced, tech-savvy users, underscoring the importance of security software.

Macs are an important part of our daily lives. And just like any important device, they need care and attention. Make sure you keep yours protected with Bitdefender’s best-in-class security solution for Macs.